Avatar billede camilla_michelsen Nybegynder
11. april 2005 - 19:15 Der er 23 kommentarer og
1 løsning

HiJackThis, takker!!

Vil egentligt bare gerne ha MySearchNow.com fjernet fra startsiden, men hvis i kan finde flere ting som ik burde være der, så er i velkomne... I må meeeget gerne forklare det skridt for skridt.. jeg er jo kvinde. :D
hehe...


Logfile of HijackThis v1.99.1
Scan saved at 19:15:26, on 11-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\BearShare\BearShare.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\Camilla\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tdmterkeflncfenuhimoeyfc.biz/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_u75bOdutugxQDKcK78PYbB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ztzhhmxjlnsybdx.info/uGYnMWd4pTuKbKCNOMherrtH8g_0TBAM2YtQoP8/Wgk.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38A92CCD-40E7-7750-FC70-527513404394} - C:\DOCUME~1\Ejer\APPLIC~1\VIEWLO~1\Trans Coal.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Programmer\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Exit Each Dumb Part] C:\Documents and Settings\All Users\Application Data\Download Send Exit Each\Acidtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TrickshotSetup.exe] C:\DOWNLO~1\TRICKS~1.EXE /r
O4 - HKCU\..\Run: [BARBFACE] C:\DOCUME~1\Ejer\APPLIC~1\BIKEDA~1\link defy noun.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/files/209/SproutLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede levich Nybegynder
11. april 2005 - 19:22 #1
Ser på den
Avatar billede camilla_michelsen Nybegynder
11. april 2005 - 19:27 #2
åååh.. tak!!
Avatar billede levich Nybegynder
11. april 2005 - 19:42 #3
Kender du:
O4 - HKCU\..\Run: [TrickshotSetup.exe] C:\DOWNLO~1\TRICKS~1.EXE /r
www.miniclip.com
media.grab.com
Avatar billede levich Nybegynder
11. april 2005 - 19:43 #4
Jeg prøver igen, da det står lidt dårligt.
Kender du Trickshot, www.miniclip.com og media.grab.com?
Avatar billede camilla_michelsen Nybegynder
11. april 2005 - 20:02 #5
:o tror jeg ikk.. :/ min lillebror der har noget med miniclip. :D
Avatar billede levich Nybegynder
11. april 2005 - 20:11 #6
(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tdmterkeflncfenuhimoeyfc.biz/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_u75bOdutugxQDKcK78PYbB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ztzhhmxjlnsybdx.info/uGYnMWd4pTuKbKCNOMherrtH8g_0TBAM2YtQoP8/Wgk.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {38A92CCD-40E7-7750-FC70-527513404394} - C:\DOCUME~1\Ejer\APPLIC~1\VIEWLO~1\Trans Coal.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Programmer\INSTAFINK\InstaFinderK_inst.exe
O4 - HKCU\..\Run: [TrickshotSetup.exe] C:\DOWNLO~1\TRICKS~1.EXE /r
O4 - HKLM\..\Run: [Exit Each Dumb Part] C:\Documents and Settings\All Users\Application Data\Download Send Exit Each\Acidtray.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BARBFACE] C:\DOCUME~1\Ejer\APPLIC~1\BIKEDA~1\link defy noun.exe
O18 - Protocol: bw+0 <<<< alle der starter sådan >>>>>>>


Åbn en tilfældig mappe, i menuen klik på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende filer:
Trans Coal.exe
TRICKS~1.EXE
Acidtray.exe
link defy noun.exe
... og følgende mapper:
:\Programmer\INSTAFINK\

(3)
Start -> programmer -> tilbehør -> systemværktøjer -> diskoprydning -> Slet Temporary internet files, papirkurv og midlertidige filer.
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(4)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.
Avatar billede camilla_michelsen Nybegynder
11. april 2005 - 20:47 #7
Logfile of HijackThis v1.99.1
Scan saved at 20:46:59, on 11-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\BearShare\BearShare.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Ejer\Dokumenter\Camilla\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/files/209/SproutLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw-0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe



sådanne.. ;)
Avatar billede levich Nybegynder
11. april 2005 - 21:02 #8
Ikke alt er væk.

(1)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: bw-0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70C75CF5-4006-46EA-8D58-F524437C7984} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

(2)
Åbn en tilfældig mappe, i menuen klik på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende filer:
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Avatar billede camilla_michelsen Nybegynder
11. april 2005 - 21:16 #9
Logfile of HijackThis v1.99.1
Scan saved at 21:14:32, on 11-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ejer\Dokumenter\Camilla\HijackThis.exe
C:\Programmer\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.jrcdimntverjlortfg.com/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_uA6BN0nPW6LADKcK78PYbB.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eboohscdxpeybaxfhef.biz/uGYnMWd4pTuKbKCNOMherkop3BzMFKS22YtQoP8/Wgk.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/files/209/SproutLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede levich Nybegynder
12. april 2005 - 09:37 #10
Der er stadig mere. Vi tager en hårdere metode i brug.

Fix følgende med hijackthis i en normal opstart af windows:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.jrcdimntverjlortfg.com/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_uA6BN0nPW6LADKcK78PYbB.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eboohscdxpeybaxfhef.biz/uGYnMWd4pTuKbKCNOMherkop3BzMFKS22YtQoP8/Wgk.html

Hent http://www.spywarefri.dk/vaerktoj.htm#spybot (Spybot).
Start programmet, opdater og scan. Slet linjerne med rød tekst.

Hent scannereren http://www.spywareinfo.dk/download/mwav.exe, og kør den.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Scanningen kan godt tage et par timer.

Genstart computeren, lav en ny log med hijackthis og send den herind.
Avatar billede camilla_michelsen Nybegynder
13. april 2005 - 07:41 #11
Nu er alt det der gjort... :/ men der ligger åbenbart en skide fil et eller andet sted på min pc der gør at MySearcNow stadig blir min forside.. for jeg sletter de der R1 og R0 hveeer gang.. men de kommer igen 2 min efter .. :D
Hehe.. men endnu en dér... og taaak for tolmodighed!!!


Logfile of HijackThis v1.99.1
Scan saved at 07:41:10, on 13-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\BearShare\BearShare.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ejer\Dokumenter\Camilla\HijackThis.exe
C:\Programmer\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tpmgexnislvhatk.com/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_tRJQQ5ezXOQwDKcK78PYbB.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pxozllptrvyowsot.com/uGYnMWd4pTuKbKCNOMherisXgX5qKF_b2YtQoP8/Wgk.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BARBFACE] C:\DOCUME~1\Ejer\APPLIC~1\BIKEDA~1\link defy noun.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/files/209/SproutLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede levich Nybegynder
13. april 2005 - 08:44 #12
Hmm. Undskyld at du skal så mange ting igennem. Jeg tror dog stadig på at jeg kan fjerne problemerne.

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tpmgexnislvhatk.com/uGYnMWd4pTsw4bXGUT2i9r8OiN/svUPN03cr/AvSs_tRJQQ5ezXOQwDKcK78PYbB.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pxozllptrvyowsot.com/uGYnMWd4pTuKbKCNOMherisXgX5qKF_b2YtQoP8/Wgk.htm
O4 - HKCU\..\Run: [BARBFACE] C:\DOCUME~1\Ejer\APPLIC~1\BIKEDA~1\link defy noun.exe

Åbn en tilfældig mappe, i menuen klik på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende filer:
link defy noun.exe (MEGET VIGTIGT)

(3)
Start -> programmer -> tilbehør -> systemværktøjer -> diskoprydning -> Slet Temporary internet files, papirkurv og midlertidige filer.
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.
Avatar billede ejvindh Ekspert
13. april 2005 - 10:06 #13
Levich: Du mangler også denne:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Iøvrigt -- keep up the good work :-)
Avatar billede levich Nybegynder
13. april 2005 - 11:01 #14
ejvindh -> nej, O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE skal ikke fixes:
http://www.sysinfo.org/startuplist.php?submit=&filter=ALCXMNTR.EXE&submit.x=0&submit.y=0&submit=%3E
Avatar billede tonnybrandt Nybegynder
13. april 2005 - 12:05 #15
levich > Prøv lige at læse den side du henviser til en gang til. Så tror jeg du ændrer mening.
Avatar billede levich Nybegynder
13. april 2005 - 12:29 #16
Camilla har bedt om at få fjernet spyware (mysearchnow) fra sin computer, hvilket er det jeg forsøger på. Et program fra producenten af lydkortet, som indhenter informationer er ikke en del af problemet her, og er ikke skadelig for Camillas computer.
Avatar billede tonnybrandt Nybegynder
13. april 2005 - 13:00 #17
Fra spørgsmålet: "men hvis i kan finde flere ting som ik burde være der, så er i velkomne"
Et program som direkte er klassificeret som spyware, må vel nærmest falde i den kategori.
Avatar billede camilla_michelsen Nybegynder
13. april 2005 - 13:05 #18
Logfile of HijackThis v1.99.1
Scan saved at 13:03:02, on 13-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\BearShare\BearShare.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\Camilla\HijackThis.exe
C:\Programmer\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/files/209/SproutLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe


Ny én... Er jeg meget besværlig.. :$ heheh.. :p
gør intet med den anden... :)
Avatar billede levich Nybegynder
13. april 2005 - 14:39 #19
Ingen problemer mere. Opfører din computer sig som del skal, Camilla?
Avatar billede ejvindh Ekspert
13. april 2005 - 18:34 #20
Jeg må jo bøje mig når brugeren selv tilkendegiver at hun gerne vil beholde den. Jeg vil dog stadig fastholde at det ikke er et klogt valg.
Avatar billede camilla_michelsen Nybegynder
15. april 2005 - 08:43 #21
Jaaah den gør Levich... 1000 tak... så må du lige lægge et svar-ting så jeg ka prøve på at finde ud af de point-ting.. fatter så meget hat af denne side.. :p hehe ... tak igen!!
Avatar billede levich Nybegynder
15. april 2005 - 12:04 #22
Tildeling af point, det kan jeg også hjælpe med: http://expfaq.1go.dk/?id=3#behandling_af_svar
Avatar billede camilla_michelsen Nybegynder
15. april 2005 - 15:01 #23
sååå.. er den der nu.. :/ heheh... :p mange tak ihvertfalde.. :D:D
Avatar billede levich Nybegynder
15. april 2005 - 16:47 #24
godt at det lykkedes, til sidst.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester